
QuickTime - Remote hacker automatic control

Version: 7.2 to 7.3
Technical Details:

A vulnerability exists in versions 7.2 and 7.3 of QuickTime (and possibly earlier versions) where the RTSP response can be manipulated to result in arbitrary code execution on a vulnerable system, despite attempts at filtering unwanted characters.

This vulnerability quickly progressed from proof-of-concept to exploit code, but at this stage the exploit code only targets the Windows versions of QuickTime.

Description:

In what appears to be a vulnerability similar to one highlighted at the start of the year as part of the Month of Mac Bugs project (see security item 1.1 of that earlier alert), exploit code has begun circulating for an exploitable vulnerability in Apple's QuickTime media platform.

At this stage, the exploit code targets the Windows XP and Vista versions of QuickTime, specifically versions 7.2 and 7.3 (the newest version).

Mitigation:

Concerned users and administrators may disable support for the rtsp protocol through the QuickTime Control Panel / Preference Pane: select File Types / Advanced -> MIME Settings and deselect the RTSP stream description under the Streaming - Streaming Movies option.

RTSP support may already have been disabled (due to prior mitigation steps for earlier vulnerabilities), and this setting may already be deselected by default in the latest versions (thanks to US-CERT). US-CERT also advises that this step MAY NOT block attacks, and suggests blocking the rtsp:// protocol at the network perimeter, avoiding QuickTime material from untrusted sources, and hardening your browser.
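Because the QuickTime setting alone may not block attacks, the perimeter block is the control worth verifying. The following is an added example (not from this advisory or from US-CERT) of an audit over constructed proxy log lines that flags rtsp:// requests, and requests to the default RTSP port, from hosts outside an assumed allowlist; the log format, allowlist and port set are assumptions.

```python
"""Flag RTSP traffic in proxy logs so an rtsp:// perimeter block can be verified.
Added example; the log format and host allowlist below are assumed, not from the advisory."""
from urllib.parse import urlsplit

RTSP_PORTS = {554}  # assumption: only the IANA default RTSP port is checked
TRUSTED_HOSTS = {"stream.example.internal"}  # constructed allowlist of internal sources

def classify(url, trusted=TRUSTED_HOSTS):
    """Return 'block', 'allow-trusted' or 'allow' for one requested URL.
    Anything using the rtsp scheme, or an RTSP port, from a host not on the
    allowlist is blocked; other schemes and ports are left alone."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    try:
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        port = None
    host = (parts.hostname or "").lower()
    is_rtsp = scheme == "rtsp" or port in RTSP_PORTS
    if not is_rtsp:
        return "allow"
    return "allow-trusted" if host in trusted else "block"

# Constructed sample log: "<client> <method> <url> <status>" per line.
SAMPLE_LOG = """\
10.0.0.5 GET http://www.apple.com/quicktime/ 200
10.0.0.5 CONNECT rtsp://media.example.net:554/trailer.mov 200
10.0.0.7 CONNECT rtsp://stream.example.internal/town-hall 200
10.0.0.9 GET http://cdn.example.org:554/clip.mov 200
"""

def audit(log_text):
    """Return (client, url, verdict) for every line that should have been blocked."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue               # skip malformed or empty lines
        client, url = fields[0], fields[2]
        verdict = classify(url)
        if verdict == "block":
            hits.append((client, url, verdict))
    return hits

if __name__ == "__main__":
    for client, url, verdict in audit(SAMPLE_LOG):
        print(f"{client} {verdict} {url}")
```

Any line reported by audit() is RTSP traffic that reached the proxy from an untrusted source, which means the perimeter block is not yet effective for that path.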

Updates:

Not Yet Available

Source:

Various, including http://www.kb.cert.org/vuls/id/659761

Exploits:

Various

External Tracking Data:

Not Yet Identified
